CollabPlan — Code Signing Key

Public key used to sign RFP bundles and release artifacts produced by CollabPlan. Chave pública usada para assinar artefatos publicados pela CollabPlan.

Fingerprint

AAE8 3A53 5FA9 BD20 2608  4BF3 57DC 8CFA 53F5 324D

Identity

<code@collabplan.ai>
ed25519 — created 2026-05-04 — signing subkey expires 2027-05-04 (renewed annually)

Fetch (plain HTTPS)

curl -fsSLO https://keys.collabplan.ai/code-collabplan-pubkey.asc
gpg --import code-collabplan-pubkey.asc
gpg --fingerprint code@collabplan.ai

The fingerprint reported by gpg --fingerprint must match the value above.

Fetch (Web Key Directory)

gpg --auto-key-locate wkd --locate-keys code@collabplan.ai

Resolves automatically via openpgpkey.collabplan.ai (WKD-Advanced). No manual URL handling.

Verifying a CollabPlan artifact

gpg --verify rfp-bundle-canonical.bundle.sig rfp-bundle-canonical.bundle

Output should report Good signature from "<code@collabplan.ai>" with the fingerprint above. Any other fingerprint, or a BAD signature result, means do not trust the artifact.

Last rotated: 2026-05-04 · This page is published from etc/keys/public/index.html in the CollabPlan repository.